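--- a/cyrus-sasl-2.1.19/lib/common.c
+++ b/cyrus-sasl-2.1.19/lib/common.c
@@ -1114,11 +1114,13 @@
 _sasl_getconfpath(void *context __attribute__((unused)),
 char ** path_dest)
 {
- char *path;
+ char *path = NULL;
 
 if (! path_dest)
 return SASL_BADPARAM;
- path = getenv(SASL_CONF_PATH_ENV_VAR);
+ /* Honor external variable only in a safe environment */
+ if (getuid() == geteuid() && getgid() == getegid())
+ path = getenv(SASL_CONF_PATH_ENV_VAR);
 if (! path)
 path = CONFIGDIR;
 return _sasl_strdup(path, path_dest, NULL);
@@ -1880,7 +1882,11 @@
 if (! path)
 return SASL_BADPARAM;
 
- *path = getenv(SASL_PATH_ENV_VAR);
+ /* Honor external variable only in a safe environment */
+ if (getuid() == geteuid() && getgid() == getegid())
+ *path = getenv(SASL_PATH_ENV_VAR);
+ else
+ *path = NULL;
 if (! *path)
 *path = PLUGINDIR;
 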
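Review bot: The `getuid() == geteuid() && getgid() == getegid()` guard added in `_sasl_getconfpath` and repeated in the second hunk only recognises a set-id process whose real and effective IDs still differ, so a privileged program that equalised its IDs after exec, or one that holds file capabilities, would presumably still have the variable honoured. Where the platform offers it, a loader-backed test is stricter: `path = secure_getenv(SASL_CONF_PATH_ENV_VAR);` on glibc, or gating on `issetugid() == 0` on the BSDs, with the uid/gid comparison kept as the fallback. The same condition is spelled out twice, so a single static helper used by both sites would keep them from drifting apart. Neither hunk shows an added `#include <unistd.h>`, so it is worth confirming the file already pulls it in; the function around the second hunk starts and ends outside the visible lines.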